Major Description
I'm testing out Group Auth with user attribute `memberOf`. The entry is as follows.
ldapsearch -x -LLL -H ldap:/// -b "uid=cbman,ou=People,dc=example,dc=com" + |
dn: uid=cbman,ou=People,dc=example,dc=com
|
memberOf: cn=mygroup,ou=Groups,dc=example,dc=com
|
entryDN: uid=cbman,ou=People,dc=example,dc=com
|
subschemaSubentry: cn=Subschema
|
...
|
Problem is the LDAP url used to fetch the memberOf attribute doesn't return the group when scope is set to one.
~$ curl -user $CREDS "ldap://<host:port>/uid=cbman,ou=People,dc=example,dc=com?memberOf?one" |
~$
|
But If I use base or sub, then it works:
|
|
DN: uid=cbman,ou=People,dc=example,dc=com
memberOf: cn=mygroup,ou=Groups,dc=example,dc=com
~${code}
Is there any reason why scope can't be changed for the userAttribute group matching? I noticed it can be set for 'LDAP Query' option for groups.
Attachments
| For Gerrit Dashboard: MB-35503 | ||||||
|---|---|---|---|---|---|---|
| # | Subject | Branch | Project | Status | CR | V |
| 113296,2 | MB-35503: Change default scope for groups search by attr to base | master | ns_server | Status: MERGED | +2 | +1 |